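#!/bin/bash
# WEVIA Blade Cleaner & Security Agent — cron */2
# Connects to Blade via SSH, cleans cache, monitors security
#
# Outputs:
#   $RESULTS  latest status as one JSON object (overwritten on every run)
#   $LOG      one summary line per successful run, one line per SSH failure
#
# Trust model: everything that comes back over SSH is treated as untrusted
# input. It is accepted only if it parses as a JSON object, and only numeric
# fields are copied into the log or used in threshold comparisons.

BLADE="10.1.0.4"
# Deliberately not named USER: assigning USER would overwrite the login-name
# variable that child processes (ssh, python3) inherit.
BLADE_USER="yanis"
LOG="/var/log/wevia-blade-cleaner.log"
# NOTE(review): this path looks like a web-served directory. The file reveals
# Defender state, firewall profiles, listening-port count and failed-login
# counts — confirm the endpoint is access-controlled.
RESULTS="/var/www/html/api/wevia-blade-status.json"

# Kept as an array so every option stays one word regardless of its content.
# StrictHostKeyChecking=accept-new (OpenSSH 7.6+) still records the key of a
# host seen for the first time, but refuses to connect when a recorded key has
# changed. With "no", a machine answering on $BLADE with a different key was
# accepted silently and could return forged health/security data.
# NOTE(review): the payload below deletes system temp files, reads the Security
# event log and stops processes, so the remote account presumably has
# administrative rights — protect the private key used by this job accordingly.
SSH_CMD=(
  ssh
  -o ConnectTimeout=3
  -o StrictHostKeyChecking=accept-new
  -o BatchMode=yes
  "${BLADE_USER}@${BLADE}"
)

# Overwrite $RESULTS with a minimal status object: {"ts":"HH:MM","status":"<$1>"}.
write_status() {
  printf '{"ts":"%s","status":"%s"}\n' "$(date +%H:%M)" "$1" > "$RESULTS"
}

# Succeed only when stdin holds a single JSON *object*; the field lookups
# below rely on that shape, so any other valid JSON is rejected as well.
is_json_object() {
  python3 -c 'import json, sys
sys.exit(0 if isinstance(json.load(sys.stdin), dict) else 1)' 2>/dev/null
}

# Print field $1 of $OUTPUT: 0 when the key is absent, the value when it is a
# JSON number, and "n/a" for anything else (null, string, list, ...), so that
# remote-controlled text never reaches the log or an integer comparison.
json_number() {
  local key=$1
  printf '%s' "$OUTPUT" | python3 -c '
import json, sys
value = json.load(sys.stdin).get(sys.argv[1], 0)
is_number = isinstance(value, (int, float)) and not isinstance(value, bool)
print(value if is_number else "n/a")
' "$key" 2>/dev/null
}

# Check if Blade is reachable
if ! timeout 3 ping -c 1 "$BLADE" >/dev/null 2>&1; then
  write_status offline
  exit 0
fi

# Run PowerShell cleanup + security in one SSH call.
#
# The remote command is held in a quoted here-document so that it is sent
# exactly as written. Inside the previous single-quoted shell string, the
# apostrophes around C: (WQL filter) and Security (event-log filter) ended the
# shell quoting and were stripped before transmission, so the disk and
# failed-login probes received malformed input and their errors were hidden.
#
# NOTE(review): how the Blade's default SSH shell treats the embedded newlines
# and \" escapes is not visible from this file — verify on the target.
# NOTE(review): removing Prefetch and temp files every two minutes also removes
# execution artefacts that incident responders rely on; confirm this is wanted.
# NOTE(review): the .CPU property of a process is cumulative CPU seconds, not a
# percentage, so the 120 / 60 thresholds measure total CPU time since start.
# NOTE(review): when Get-MpComputerStatus returns nothing, the signature-date
# lookups operate on $null; consumers should read missing or null fields as
# "unknown", not as "healthy".
#
# read returns non-zero at end of input when -d '' is used; that is expected.
IFS= read -r -d '' REMOTE_CMD <<'REMOTE_PS' || true
powershell -NoProfile -Command "
$r = @{}
$r.ts = Get-Date -Format \"HH:mm\"
$r.status = \"online\"

# === CACHE CLEAR ===
$cleaned = 0
# Chrome cache
$paths = @(
    \"$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Cache\Cache_Data\*\",
    \"$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Code Cache\*\",
    \"$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Service Worker\CacheStorage\*\",
    \"$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Cache\*\"
)
foreach ($p in $paths) {
    try {
        $sz = (Get-ChildItem $p -Recurse -ErrorAction SilentlyContinue | Measure-Object Length -Sum).Sum
        Remove-Item $p -Recurse -Force -ErrorAction SilentlyContinue
        $cleaned += $sz
    } catch {}
}
# Windows temp
Remove-Item \"$env:TEMP\*\" -Recurse -Force -ErrorAction SilentlyContinue 2>$null
Remove-Item \"C:\Windows\Temp\*\" -Recurse -Force -ErrorAction SilentlyContinue 2>$null
# Prefetch
Remove-Item \"C:\Windows\Prefetch\*.pf\" -Force -ErrorAction SilentlyContinue 2>$null
# Thumbnails
Remove-Item \"$env:LOCALAPPDATA\Microsoft\Windows\Explorer\thumbcache_*\" -Force -ErrorAction SilentlyContinue 2>$null
# DNS flush
ipconfig /flushdns 2>$null | Out-Null
$r.cleaned_mb = [math]::Round($cleaned / 1MB, 1)

# === HEALTH ===
$cpu = (Get-WmiObject Win32_Processor | Measure-Object LoadPercentage -Average).Average
$mem = Get-WmiObject Win32_OperatingSystem
$r.cpu = $cpu
$r.ram_pct = [math]::Round(($mem.TotalVisibleMemorySize - $mem.FreePhysicalMemory) / $mem.TotalVisibleMemorySize * 100, 1)
$disk = Get-WmiObject Win32_LogicalDisk -Filter \"DriveType=3 AND DeviceID='C:'\"
$r.disk_pct = [math]::Round(($disk.Size - $disk.FreeSpace) / $disk.Size * 100, 1)
$r.disk_free_gb = [math]::Round($disk.FreeSpace / 1GB, 1)
$r.procs = (Get-Process).Count

# === SECURITY ===
# Defender status
$def = Get-MpComputerStatus -ErrorAction SilentlyContinue
$r.defender = $def.RealTimeProtectionEnabled
$r.defender_sigs = $def.AntivirusSignatureLastUpdated.ToString(\"yyyy-MM-dd\")
# Threats detected
$threats = (Get-MpThreatDetection -ErrorAction SilentlyContinue | Where-Object {$_.InitialDetectionTime -gt (Get-Date).AddHours(-24)}).Count
$r.threats_24h = $threats
# Failed logins
$fails = (Get-WinEvent -FilterHashtable @{LogName='Security';Id=4625;StartTime=(Get-Date).AddHours(-1)} -MaxEvents 100 -ErrorAction SilentlyContinue).Count
$r.failed_logins_1h = $fails
# Listening ports count
$ports = (Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue | Select-Object LocalPort -Unique).Count
$r.open_ports = $ports
# Suspicious: high CPU processes
$r.high_cpu = @(Get-Process | Where-Object {$_.CPU -gt 120} | Select-Object -First 3 Name | ForEach-Object {$_.Name})
# Firewall
$r.firewall = @(Get-NetFirewallProfile | ForEach-Object {\"$($_.Name):$($_.Enabled)\"})

# === AUTO-FIX ===
# Kill known bloatware if eating CPU
$bloat = @(\"GameBar\",\"YourPhone\",\"SkypeApp\",\"Cortana\",\"OneDrive\")
foreach ($b in $bloat) {
    $p = Get-Process -Name \"*$b*\" -ErrorAction SilentlyContinue
    if ($p -and $p.CPU -gt 60) {
        Stop-Process $p -Force -ErrorAction SilentlyContinue
        $r.killed += @($b)
    }
}
# Auto-update Defender signatures if >2 days old
if ($def.AntivirusSignatureLastUpdated -lt (Get-Date).AddDays(-2)) {
    Update-MpSignature -ErrorAction SilentlyContinue
    $r.defender_updated = $true
}
$r | ConvertTo-Json -Compress
"
REMOTE_PS
# Drop the newline the here-document appends after the closing quote.
REMOTE_CMD=${REMOTE_CMD%$'\n'}

OUTPUT=$("${SSH_CMD[@]}" "$REMOTE_CMD" 2>/dev/null)
ssh_rc=$?

# Save results
if [[ -n "$OUTPUT" ]] && printf '%s' "$OUTPUT" | is_json_object; then
  printf '%s\n' "$OUTPUT" > "$RESULTS"

  # Log alerts
  CPU=$(json_number cpu)
  RAM=$(json_number ram_pct)
  THREATS=$(json_number threats_24h)
  FAILS=$(json_number failed_logins_1h)
  CLEANED=$(json_number cleaned_mb)

  MSG="$(date +%H:%M) CPU:${CPU}% RAM:${RAM}% Clean:${CLEANED}MB"
  # Compare only well-formed non-negative integers; anything else is skipped
  # instead of making the test builtin fail.
  if [[ "$THREATS" =~ ^[0-9]+$ ]] && [ "$THREATS" -gt 0 ]; then
    MSG="$MSG THREATS:$THREATS!"
  fi
  if [[ "$FAILS" =~ ^[0-9]+$ ]] && [ "$FAILS" -gt 10 ]; then
    MSG="$MSG BRUTE:$FAILS!"
  fi
  printf '%s\n' "$MSG" >> "$LOG"
else
  write_status ssh_error
  # ssh's stderr is discarded above, so keep at least the exit status: 255
  # means ssh itself failed (for example a rejected host key or a failed
  # authentication) rather than the remote command.
  printf '%s SSH_ERROR rc=%s\n' "$(date +%H:%M)" "$ssh_rc" >> "$LOG"
fi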